
Mark D. Spivey

"Practical Hacking Techniques and Countermeasures"

In this situation, use -S with your IP address (of the interface you wish to send packets through). Another possible use of this flag is to spoof the scan to make the targets think that someone else is scanning them. Imagine a company being repeatedly port scanned by a competitor! This is not a supported usage (or the main purpose) of this flag. I just think it raises an interesting possibility that people should be aware of before they accuse others of port scanning them. -e would generally be required for this sort of usage.

-e Tells nmap what interface to send and receive packets on. Nmap should be able to detect this, but it will tell you if it cannot.

-g Sets the source port number used in scans. Many naive firewall and packet filter installations make an exception in their ruleset to allow DNS (53) or FTP-DATA (20) packets to come through and establish a connection. Obviously, this completely subverts the security advantages of the firewall since intruders can just masquerade as FTP or DNS by modifying their source ports. Obviously, for a UDP scan you should try 53 first and TCP scans should try 20 before 53. Note that this is only a request that nmap will honor if and when it is able to. For example, you cannot do TCP ISN sampling all from one host:port to one host:port, so nmap changes the source port even if you used -g. Be aware that there is a small performance penalty on some scans for using this option, because I sometimes store useful information in the source port number.
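As an added example (not from the book or from nmap), the following detector shows the defender's side of the -g description: it parses constructed iptables-style LOG lines and reports sources that open new inbound connections from port 20 or 53, which is exactly the traffic a source-port-based firewall exception would wave through. It assumes a simplified LOG line layout and the UDP heuristic noted in the comments.

```python
import re
from collections import defaultdict

# Constructed iptables-style LOG lines (sample data, not from the book).
SAMPLE_LOG = """\
Jan 10 09:00:01 fw kernel: FW-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=53 DPT=22 SYN
Jan 10 09:00:01 fw kernel: FW-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=53 DPT=80 SYN
Jan 10 09:00:02 fw kernel: FW-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=53 DPT=443 SYN
Jan 10 09:00:02 fw kernel: FW-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=20 DPT=3306 SYN
Jan 10 09:00:03 fw kernel: FW-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=UDP SPT=53 DPT=161
Jan 10 09:00:03 fw kernel: FW-IN: IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 PROTO=UDP SPT=53 DPT=51234
Jan 10 09:00:04 fw kernel: FW-IN: IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=53 DPT=25 ACK
Jan 10 09:00:04 fw kernel: FW-IN: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=44321 DPT=22 SYN
"""

LOG_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>TCP|UDP) "
    r"SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)(?P<flags>.*)$"
)
MASQUERADE_PORTS = {20, 53}  # the "trusted" source ports the text describes

def parse_log_line(line):
    """Return the fields of one iptables LOG line, or None if it is not one."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return {"src": m.group("src"), "dst": m.group("dst"), "proto": m.group("proto"),
            "spt": int(m.group("spt")), "dpt": int(m.group("dpt")),
            "flags": set(m.group("flags").split())}

def is_masquerade_attempt(rec):
    """New inbound connection riding on source port 20 or 53: TCP SYN without
    ACK (replies to our own traffic carry ACK), or UDP from 53 to a service
    port <1024 (real DNS replies go to an ephemeral port; heuristic)."""
    if rec["spt"] not in MASQUERADE_PORTS:
        return False
    if rec["proto"] == "TCP":
        return "SYN" in rec["flags"] and "ACK" not in rec["flags"]
    return rec["spt"] == 53 and rec["dpt"] < 1024

def find_source_port_scans(log_text, min_ports=3):
    """Source IP -> sorted destination ports probed via a masquerade source port,
    for sources that touched >= min_ports. The IP is what was on the wire; with
    -S it may be spoofed, so it is a lead for fixing the ruleset, not proof."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_log_line(line)
        if rec and is_masquerade_attempt(rec):
            hits[rec["src"]].add(rec["dpt"])
    return {src: sorted(p) for src, p in hits.items() if len(p) >= min_ports}
```

The durable fix is a stateful ruleset (allow ESTABLISHED/RELATED replies rather than any packet with source port 53 or 20), and this detector is useful mainly for spotting hosts still running the naive exception.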

